Venture capital firm Insight Partners faces security breach

Insight Partners, a global venture capital firm based in New York City, announced it experienced a cyber incident.

In January 2025, the organization detected unauthorized activity on its information systems and worked to contain and remediate the situation. According to an investigation, there is no evidence of a malicious actor being present after the incident. Additionally, there has been no evidence of further disruptions.

The statement claims the incident was caused by a “sophisticated social engineering attack.” At this time, the organization does not believe there will be notable impacts on funds, portfolio companies, or other stakeholders.

Security leaders weigh in 

J Stephen Kowski, Field CTO at SlashNext Email Security+:

This breach at Insight Partners shows how even sophisticated financial firms managing billions in assets remain vulnerable to social engineering attacks, which succeed by exploiting human psychology rather than technical vulnerabilities. Modern cybersecurity requires going beyond traditional security awareness training to include real-time phishing detection and automated response capabilities that can spot and block sophisticated social engineering attempts before employees ever see them.

The fact that Insight Partners detected and responded to the incident within hours demonstrates good incident response practices, but prevention through advanced threat detection would have been even better. Companies should combine regular security training with AI-powered tools that can identify and stop social engineering attacks in real time, especially given that these attacks are now the leading cause of cybercrime losses.

Amit Zimerman, Co-Founder and Chief Product Officer at Oasis Security: 

Organizations need to invest in upskilling their teams through dedicated AI security training programs. These programs should focus on both foundational AI security knowledge and emerging threats. 

Regular employee training remains essential in combating phishing threats, but training must evolve beyond static lessons. Incorporating phishing simulators to mimic real-world attacks enables employees to apply their training in dynamic environments, testing their ability to recognize and respond to threats effectively. However, education alone isn’t sufficient. 

IT security teams must implement strong identity and access management (IAM) frameworks with compensating controls like multi-factor authentication (MFA) to mitigate phishing attempts. While traditionally phishing has been the main entry point for attackers, as an industry we have done a lot to improve our defense and made it much harder for attackers. What we are seeing is that attackers are now increasingly looking at weaker parts of the perimeter, such as non-human identities (NHIs), which control machine-to-machine access and are increasingly critical in cloud environments. NHIs now outnumber human identities in most organizations, and securing these non-human accounts is imperative. 

Mr. Mika Aalto, Co-Founder and CEO at Hoxhunt: 

With social engineering evolving so dramatically in the age of AI, training must be able to keep up and plug into the security stack. Using human threat intelligence to stay ahead of the latest attacks provides an advantage against advanced phishing and social engineering. It accelerates incident response and prevents malicious clicks. This means going beyond traditional SAT tooling to adopt behavior change platforms that are designed to measurably reduce human risk.